Re: [PHP] input validation?
<input type=text maxlength=300>

I think the attribute is called maxlength but I'm not sure, oh well. Add the maxlength attribute to your input tag to have a quick, clean non-javascript-reliant solution.

On 1/12/06, John Meyer [EMAIL PROTECTED] wrote:
> Stut wrote:
> > Ok, you're clearly missing my point and while I don't want this to degrade into the usual pissing contest I do feel I need to clarify what I was saying. I completely agree that in this case Javascript should be used to provide the user with feedback as to how close to the limit they are. However, in your post you described the solution as either Javascript *or* PHP when the best solution is both. What I was pointing out is that while Javascript is a better solution from a usability point of view, not doing the validation with PHP is dangerous regardless of whether the length is validated using Javascript or not. I certainly don't believe that PHP is the total solution for most situations, but when it comes to input validation you *need* to do validation on the server-side regardless of what validation you do with Javascript since you have no control over whether the Javascript gets executed.
>
> This sounds almost like the old DB vs. Application logic debate I see on several mailing lists; whether you should store more logic in the DB Server through triggers or through application logic. My point on this is that it boils down to how important that data is. If it's somebody's comments on their blog or on a post, I'd just leave it on the application _or_ trim it down to the 300 characters and input it in. Bank transactions, I'd have so many triggers going it would be unreal.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

--
Hi Everyone, I am running PHP 5 on Windows XP SP2 with MySQL5, Bye Now!
RE: [PHP] input validation?
[snip]
I need to check that user input text is less than 300 characters long. How?
[/snip]

string length, it's in the manual.
Re: [PHP] input validation?
William Stokes wrote:
> Hello,
> I need to check that user input text is less than 300 characters long. How?
> Thanks
> -Will

Try with strlen: http://php.net/strlen

Silvio
Re: [PHP] input validation?
> I need to check that user input text is less than 300 characters long. How?

if (strlen($_POST['input']) < 300) { ...

You may want to also apply trim() to the input text to get rid of extraneous white space at the beginning and end of the input.

Larry
Re: [PHP] input validation?
On Thu, 12 Jan 2006 16:56:43 +0200 William Stokes [EMAIL PROTECTED] wrote:
> Hello, I need to check that user input text is less than 300 characters long. How?

if (strlen($UserInputText) > 300) {
    echo("Too long");
}

See http://www.php.net/manual/en/print/function.strlen.php

Regards, Ozz.
Re: [PHP] input validation?
Hmm.. I didn't see anyone ask before or after the user clicks SUBMIT?

If it's before, then you should use javascript to check the form element prior to submitting (you can check realtime with the onkeydown, onkeyup events... check after a user moves off of the form element with onchange or even onfocus/onblur... or when the user clicks 'submit' with the onsubmit event). Whenever you check it... it's going to be something like forms[formnameornumber].formelementname.length or something like that in JS.

If it's after the user submits the form, then yeah, what everyone else said.. strlen($data) (where $data contains the information submitted).

-TG

= = = Original message = = =
> Hello, I need to check that user input text is less than 300 characters long. How?
> Thanks
> -Will
Re: [PHP] input validation?
[EMAIL PROTECTED] wrote:
> Hmm.. I didn't see anyone ask before or after the user clicks SUBMIT?

Probably because this is a PHP list and nothing that happens on the client side is a) controllable by PHP or b) guaranteed. Whatever you do on the client side you should always validate anything coming from the client on the serverside.

-Stut
Re: [PHP] input validation?
[EMAIL PROTECTED] wrote:
> I disagree... PHP frequently involves interacting with or outright using alternative technologies to accomplish your goal. This includes HTML, XML, databases, etc. To effectively use PHP you need to understand your options and the pros/cons in using the other technologies. PHP isn't a total solution for most situations. Suggesting that all problems be solved with PHP just because it's a PHP mailing list is shortsighted and I believe *that* can do more harm for novice developers than not suggesting alternatives.

Ok, you're clearly missing my point and while I don't want this to degrade into the usual pissing contest I do feel I need to clarify what I was saying. I completely agree that in this case Javascript should be used to provide the user with feedback as to how close to the limit they are. However, in your post you described the solution as either Javascript *or* PHP when the best solution is both. What I was pointing out is that while Javascript is a better solution from a usability point of view, not doing the validation with PHP is dangerous regardless of whether the length is validated using Javascript or not. I certainly don't believe that PHP is the total solution for most situations, but when it comes to input validation you *need* to do validation on the server-side regardless of what validation you do with Javascript since you have no control over whether the Javascript gets executed.

Off to get more coffee ;)

-Stut
Re: [PHP] input validation?
Stut wrote:
> Ok, you're clearly missing my point and while I don't want this to degrade into the usual pissing contest I do feel I need to clarify what I was saying. I completely agree that in this case Javascript should be used to provide the user with feedback as to how close to the limit they are. However, in your post you described the solution as either Javascript *or* PHP when the best solution is both. What I was pointing out is that while Javascript is a better solution from a usability point of view, not doing the validation with PHP is dangerous regardless of whether the length is validated using Javascript or not. I certainly don't believe that PHP is the total solution for most situations, but when it comes to input validation you *need* to do validation on the server-side regardless of what validation you do with Javascript since you have no control over whether the Javascript gets executed.

This sounds almost like the old DB vs. Application logic debate I see on several mailing lists; whether you should store more logic in the DB Server through triggers or through application logic. My point on this is that it boils down to how important that data is. If it's somebody's comments on their blog or on a post, I'd just leave it on the application _or_ trim it down to the 300 characters and input it in. Bank transactions, I'd have so many triggers going it would be unreal.
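The server-side check this thread converges on, as an added example that is not part of any poster's message: it covers both policies mentioned above (reject, or trim down to the limit) and the cases a bare strlen() call misses. The function name, the "at most 300 characters" reading of the limit, UTF-8 input and the mbstring extension are assumptions.

```php
<?php
declare(strict_types=1);

const MAX_CHARS = 300; // limit discussed in the thread

/**
 * Validate one text field taken from $_POST (hypothetical helper).
 * Returns [string|null $value, string|null $error].
 */
function validate_text($raw, bool $truncate = false): array
{
    // A request body of input[]=x makes PHP deliver an array, and a missing
    // field is null; strlen() on either is an error, so check the type first.
    if (!is_string($raw)) {
        return [null, 'expected a single text value'];
    }
    // Character counts only make sense on well-formed UTF-8.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return [null, 'invalid UTF-8'];
    }
    $text = trim($raw);
    if ($text === '') {
        return [null, 'empty'];
    }
    // strlen() counts bytes; mb_strlen() counts characters.
    if (mb_strlen($text, 'UTF-8') > MAX_CHARS) {
        if (!$truncate) {
            return [null, 'longer than ' . MAX_CHARS . ' characters'];
        }
        $text = mb_substr($text, 0, MAX_CHARS, 'UTF-8');
    }
    return [$text, null];
}

// Constructed inputs standing in for $_POST['input'].
$samples = [
    'ok'        => '  hello  ',
    'multibyte' => str_repeat("\u{e9}", 300), // 300 characters, 600 bytes
    'too long'  => str_repeat('a', 301),
    'array'     => ['x'],
    'missing'   => null,
];
foreach ($samples as $name => $raw) {
    [$value, $error] = validate_text($raw);
    printf("%-9s => %s\n", $name, $error ?? 'accepted, ' . mb_strlen($value, 'UTF-8') . ' chars');
}
[$cut] = validate_text(str_repeat('a', 301), true);
printf("truncate  => %d chars\n", mb_strlen($cut, 'UTF-8'));
```

The maxlength attribute and any JavaScript counter stay useful for feedback, but this function is the only check the server can rely on.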
Re: [PHP] Input Validation of $_SESSION values
--- Pablo Gosse [EMAIL PROTECTED] wrote:
> It's obviously best practice to rigorously check and validate all input coming via $_GET or $_POST, but what about $_SESSION values?

Session data can be considered safe, but there are of course caveats. It is not possible for the user to manipulate session data at all, whereas GET, POST, and cookie data comes directly from the user. That is the major difference.

Of course, if you blindly store client data in a session, you now have tainted session data. So, it all depends on your application.

Hope that helps.

Chris

=
My Blog http://shiflett.org/
HTTP Developer's Handbook http://httphandbook.org/
RAMP Training Courses http://www.nyphp.org/ramp
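Filtering at the point where request data enters the session, as an added example that is not part of the original message: session contents stay trustworthy only if nothing unvalidated is written into them. The field names, rules and helper function are hypothetical, and in a web request session_start() is assumed to have been called first.

```php
<?php
declare(strict_types=1);

// Allow-list of keys that may enter the session, each with its own validator.
// The key names and rules here are hypothetical.
$rules = [
    'username' => function ($v): bool {
        return is_string($v) && preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $v) === 1;
    },
    'theme' => function ($v): bool {
        return in_array($v, ['light', 'dark'], true);
    },
];

/** Return only the allow-listed fields of $input that pass their validator. */
function filter_for_session(array $input, array $rules): array
{
    $clean = [];
    foreach ($rules as $key => $isValid) {
        if (array_key_exists($key, $input) && $isValid($input[$key])) {
            $clean[$key] = $input[$key];
        }
    }
    return $clean;
}

// Constructed request data standing in for $_POST.
$post = ['username' => 'alice_01', 'theme' => 'dark<b>', 'is_admin' => '1'];

// A blind copy ($_SESSION = $post;) would carry 'is_admin' and the
// unvalidated 'theme' into later requests, where they look like trusted data.
$_SESSION = array_merge($_SESSION ?? [], filter_for_session($post, $rules));

var_export($_SESSION);
```

With the constructed input, only username reaches the session: theme fails its validator and is_admin is not on the allow-list.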